ASA Redendent 故障切换和有状态链路问题

网络工程 思科 思科 冗余 故障转移
2021-07-15 10:23:36

我们在两个 ASA 之间ASA 5585-X创建了back-to-back(没有中间交换机/集线器)两条 1G 电缆,以使用 g0/6 和 g0/7 接口创建故障转移 + 状态链接。

接口配置

!
interface GigabitEthernet0/6
!
interface GigabitEthernet0/7
!
!
interface Redundant1
 description LAN/STATE Failover Interface
 member-interface GigabitEthernet0/6
 member-interface GigabitEthernet0/7
!

故障转移配置

failover
failover lan unit primary
failover lan interface FailoverLink Redundant1
failover polltime unit msec 200 holdtime msec 800
failover polltime interface msec 500 holdtime 5
failover link FailoverLink Redundant1
failover interface ip FailoverLink 192.168.100.1 255.255.255.0 standby 192.168.100.2

一切正常,但是当我移除g0/6电缆以测试冗余时,我Secondary Failed 在故障转移状态命令中看到错误

asa-1/act/pri# sh failover state

               State          Last Failure Reason      Date/Time
This host  -   Primary
               Active         None
Other host -   Secondary
               Failed         Ifc Failure              12:34:14 UTC Sep 1 2017
                              outside: No Link
                              inside: No Link

====Configuration State===
        Sync Done
====Communication State===
        Mac set

当我尝试故障转移时,出现此错误。

asa-1/act/pri# no failover active
WARNING: NO Standby detected in the network, or standby is in FAILED state.
Switching this unit to Standby can bring down the Network without any Active
So Abording Switchover.

这是冗余链接的状态

asa-1/act/pri# sh int redundant1
Interface Redundant1 "FailoverLink", is up, line protocol is up
  Hardware is bcm56801 rev 01, BW 1000 Mbps, DLY 10 usec
        Auto-Duplex(Full-duplex), Auto-Speed(1000 Mbps)
        Input flow control is unsupported, output flow control is off
        Description: LAN/STATE Failover Interface
        MAC address 4055.3980.0458, MTU 1500
        IP address 192.168.100.1, subnet mask 255.255.255.0
        8427 packets input, 756122 bytes, 0 no buffer
        Received 4 broadcasts, 0 runts, 0 giants
        0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
        0 pause/resume input
        0 L2 decode drops
        0 switch ingress policy drops
        8604 packets output, 910986 bytes, 0 underruns
        0 pause/resume output
        0 output errors, 0 collisions, 0 interface resets
        0 late collisions, 0 deferred
        0 rate limit drops
        0 switch egress policy drops
        0 input reset drops, 0 output reset drops
  Traffic Statistics for "FailoverLink":
        8436 packets input, 604402 bytes
        8615 packets output, 756668 bytes
        0 packets dropped
      1 minute input rate 9 pkts/sec,  659 bytes/sec
      1 minute output rate 9 pkts/sec,  830 bytes/sec
      1 minute drop rate, 0 pkts/sec
      5 minute input rate 9 pkts/sec,  659 bytes/sec
      5 minute output rate 9 pkts/sec,  821 bytes/sec
      5 minute drop rate, 0 pkts/sec
  Redundancy Information:
        Member GigabitEthernet0/7(Active), GigabitEthernet0/6
        Last switchover at 12:33:37 UTC Sep 1 2017
1个回答

“一切正常,但是当我移除 g0/6 电缆时...”--> 这是否意味着在插入 g0/6 电缆时故障转移对您有用?请插回电缆并运行命令show failovershow failover state

我注意到备用 ASA 上的外部和内部接口都有No Link,这意味着备用 ASA 上这些接口的物理链路已关闭,从而导致问题。请检查这个。

其它你可能感兴趣的问题
上一篇使用 Wireshark 在 SNMP 数据字段中搜索 IP 地址 下一篇ARP 缓存条目